KYC remains a pain-point for all, despite numerous attempts to build utilities and reduce the burden on businesses and banks alike. What can treasurers do to comply with this essential process more easily? We ask those involved about much-needed relief.
“The average global treasury team spends more than one day per week navigating a thicket of KYC requirements. And it’s not getting any easier,” says Delphine Masquelier, Product Manager KYC Compliance Services at SWIFT. The regulatory landscape is evolving fast, making KYC processes increasingly complex. For corporates that use the services of multiple banks, the challenge of just keeping up is magnified several times over as they work to comply with the KYC requests of each one, often across different products.
Hurrah then for the KYC utility, centralising access to common and uniform data and documents. Well, not quite. Despite the KYC ‘industry’ lending itself to the existence of a common platform for sharing otherwise commodified data, it has yet to see a successful delivery.
When Bloomberg announced in April 2019 that it will shut down Entity Exchange, and Refinitiv said in June it is planning to close its KYC-as-a-service offering, low uptake was cited on the death certificate of these high profile utilities. “Many vendors had a go on their own to solve the complex challenge with limited success,” notes Masquelier. “They have inadvertently added to complexity, failed to find a sustainable economic model or, in some cases, created solutions that have not been fit for purpose.”
Mark Trivedi, Managing Director, Head of Client Experience and Firmwide Collateral Transformation, J.P. Morgan has a bit more sympathy for the KYC utility effort. Because AML and KYC rules are delivered as directives, they are not as prescriptive as perhaps imagined, he notes. “This leaves room for local interpretation, and so variability ensues.” Additionally, he says each institution has its own risk tolerance and profile which can also dictate how their requirements are shaped.
The whole process is a moving feast: even if some level of consistency and understanding is achieved, the rules keep changing, says Trivedi. “Adapting regularly to that portfolio of changes makes the establishment of a singular utility very challenging.”
Of course, it may just be the case that multiple utilities existing in the same space simply defeat the objective of a single source of information, or that those surfacing were competitive rather than consortia-driven exercises. This is a point made by Alan Samuels, Head of Product at global KYC process automation firm, Encompass. “They need to be driven by the data providers rather than third-parties,” he suggests. “Successful utilities arise only when industry participants work together.”
Samuels argues that “trying to boil the ocean by offering a global KYC solution”, when most banks and organisations are more regionalised, seems not to work for utilities (SWIFT notwithstanding). There is a clue to a possible template for success here: Encompass is part of Invidem, a KYC utility set up by a coalition of six Nordic banks in 2019, having found a way of encouraging regional KYC stakeholders to willingly participate. If others follow, a ‘network of networks’ model could cross the globe.
“Ultimately successful utilities are a mix of push and pull,” says Samuels. “Push comes from the regulators, maintaining standards, enforcing good practice and instilling discipline. But pull must come from the industry, working together and seeing the value in collaboration.”
Pain continues
But KYC has always been a slow process. In the past, governments would release lists of sanctioned entities and compliance teams would manually check new customers to make sure there were no matches. And despite the digital revolution, the process remains repetitive, lengthy and cumbersome.
Research has shown that it takes an average of 24 days for a company to complete a bank’s customer onboarding process. This delay is due to “poor data management”, states Masquelier, adding that the data required by financial institutions from corporates is “often incomplete, out of date and held in multiple databases”. It’s why even an existing bank customer can receive multiple KYC requests from different divisions.
The absence of uniformity, differing jurisdictional requirements and the lack of standardised data across the corporate KYC space puts pressure on the relationship between banks and their corporate clients. Treasury teams have naturally been at the centre of this maelstrom – confronted with demands from multiple global bankers across geographies, they have often had to scramble to update their corporate identity information, authorised signatories list and legal entity documents.
“In many cases, they have been asked to supply new information at a far more granular level of detail than ever before,” observes Manoj Mistry, Managing Director of IBOS (or the ‘International Banking – One Solution’ Banking Association), the trade organisation of global correspondent banking service providers. “Faced with losing valuable access to banking services, the degree of exigent coordination across an organisation to obtain current and consistent information has created a sizable burden among treasurers and their staff.”
Relatedly, the information burden for correspondent banking relationships is perhaps the most onerous. Use of previously ‘standard’ information is now by and large negated, with Enhanced Due Diligence (EDD) rules now superseding past regulations, and bankers asking for a ‘global minimum’ standard EDD information that is substantially more critical and inquisitive about client relationships. “In order to supply this level of data, and to keep it refreshed on a periodic annual basis, it has created additional complex and time-intensive workload for smaller corporate teams,” he comments.
It’s true also that greater digitisation in the global payment systems has created a new responsibility for real-time authorisations from treasury. “Whilst in the past, large money transfers and payments were covered under the KYC master file, recently, many banks are requiring individual authorisations even for regular payments (such as monthly vendor invoices),” notes Mistry.
This is especially onerous for payments destined for regions under some type of sanction. Indeed, if one part of a global organisation needs to maintain a legitimate payments relationship with businesses in a sanctioned country, that relationship can create additional risk in the overall global banking relationship, and in so doing, increase the frequency and depth of informational refresh.
But with banks currently using a mix of internal and vendor tools, “getting them to agree on a single solution is like herding cats,” states Mistry. Perhaps most challenging of all though, he believes, is the ability of anyone to monitor global regulatory developments and then create a ‘global minimum standard’ that banks and regulators can agree on, and which corporates can support.
The failure of the KYC utility model so far, he notes, is in part driven by a “low willingness” among current data vendors to agree on a pricing schema to contribute their data to a portal partnership. But he also sees a lack of enthusiasm for (and maybe high cost-sensitivity to) creating comprehensive current-ownership and structure information around private companies.
Whilst Bureau van Dijk (part of Moody’s) has good coverage of EU private companies, “that’s about it,” notes Mistry. “The Americas and ROW remain a ‘Wild West’, with 100% reliance on what private companies claim is true – no independent verification is possible.” J.P. Morgan’s Trivedi further observes a general corporate resistance to uploading relatively sensitive data into a third-party source, many citing data privacy and security as a concern.
Personal pain
Praveen Juyal, Treasury Manager, Amway India Enterprises, has first-hand experience of what KYC compliance is like from the corporate side. Whilst he accepts that KYC has a vital role to play, he says the main pain-point for him, as a treasurer, is process efficiency.
The forum we created when trialling our KYC Registry enabled corporates to understand why banks ask for certain types of information, and for banks to reflect on the questions they are asking, and to assess whether opportunities exist for harmonisation through global standards.
Delphine Masquelier, Product Manager KYC Compliance Services, SWIFT
To illustrate his point, he reflects on a recent event. “I have exchanged 20 emails with one of our banks on this KYC. The bank wants the signature of the customers but I have told them many times that all are working from home, and that it’s difficult to get signatures at present, considering the situation with COVID-19, but the bank is still not satisfied.”
His ongoing frustration is palpable. “We have 15 signatories and 12 banks in our system. Every year we need to provide KYC, and it’s a pain to do it again and again for the same person. Really, how often is there a change in human behaviour and in their signatures? Do they change every year? The answer seems to be ‘yes’ since we are obliged to repeat KYC every year.”
The various KYC utilities offered to date have largely failed, he believes, because the pain of responding to KYC is not taken seriously. His one possible solution is that unless there is a change in circumstances for the client, banks and FIs should not repeatedly ask for KYC confirmations but instead take an annual declaration that there is no change in previous KYC status.
Ideally, Juyal sees a digital repository with unique reference number, as the longer-term answer. “If anyone wants it, just give that reference number and you are done.” That number could operate in much the same way a Director Identification Number, but using data masking for more security.
In the meantime, he suggests other treasurers could make life easier for themselves by taking a relatively simple action. “Make at least five printouts of KYC documentation, get them signed immediately by the respective authorised signatories, and make your own ‘repository’,” he suggests. “Every year, whenever necessary, just take one copy as required and provide it to your banks. That way you can save your time for five years if there is no change in signatories.”
That the process is still excruciating for most treasurers raises some key questions for Juyal. “I would like to understand if we are seriously looking for KYC, or if what we are doing is merely to comply with the requirements? Also I’d like to know why, if there is a proper system in place to check KYC, are there still frauds in businesses, banks or financial institutions?”
For him, the overarching purpose of KYC requests should be made clear by those that require it: “By all means ‘Know Your Customer’ but please don’t ‘Knot Your Customer’ with this pain”.
Way forward
One practical solution to the pain felt by the likes of Juyal, suggests Samuels, is leveraging the technology “which is now getting ahead of the demands of regulation”, automation helping organisations increase the productivity and effectiveness of the existing team. “As regulation becomes more demanding, it’s in every organisation’s best interest to make sure it has collected and aggregated all the available information, even from public sources.”
For Mistry, global corporates should make greater investment in the internal talent and skillset which could conduct surveillance on the latest regulatory updates, and then develop effective responses. “In many large corporates today, these services are outsourced to external legal firms, which have proven to not always be the best option when it comes to defining business-prudent solutions to complex regulatory requirements.” Internally keeping data accurate and easily accessible offers considerable pain relief.
Corporates (as well as other legal entity types) should also consider providing their banks with a Legal Entity Identifier (LEI – an ISO standard 20-character code). “It provides a tremendous uplift in our dataset,” says Trivedi. Centrally stored LEIs allow banks to pre-populate a number of KYC fields.
It also helps if corporates publish – and keep updated – KYC-relevant data through providers such as SWIFT, IHS Markit, and other KYC utility platforms, he adds. “And if there is no appetite to cover every legal entity in the group, at least know the ones that constantly require updating and keep those current.”
Banks have a role to play too, individually and en masse. “We need to make sure we have a well-defined and finite set of informational elements that we request from clients. We can do that by sourcing data from public sources, including existing KYC repositories, but where we have deep relationships with our clients, we will often already have a lot of information that we can source, eliminating the need to ask.”
But Trivedi acknowledges that banks should also be creating more efficient channels through which they collect data and documents pertaining to KYC, onboarding, and other relevant areas. “As an industry, the majority of our information exchange with clients is via email. Clients are becoming more sensitive to this and are looking for more efficient and secure ways to exchange information and as institutions we should provide improved capabilities.”
At a regulatory level, there is a growing case to be made for large corporates to exercise their substantial jurisdictional public policy lobby capabilities, “positively influencing the development of regulations”, suggests Mistry. “This could be in collaboration with banking partners or industry associations.”
Whilst much of the recent policy updates governing KYC and AML have focused on mitigating emerging risks from ‘bad actors’, he feels providing greater strength to regional regulatory bodies to impose sanctions on member banks has an unintended consequence. Indeed, in many instances, more stringent local interpretations of the actual risk and its related policy mandate have created an even greater burden among corporates and their banking partners to profitably comply with the regulations.
A specific case for lobbying he therefore suggests would be for global corporates to earn KYC relief for legal entities – even privately-held entities within a corporate group – that are 100% directly owned and controlled by a publicly-traded parent organisation.
Promising engagement
For Masquelier, on the regional utility front, she says the first thing to note is that they were created to meet the local needs of smaller, regional institutions. “This approach cannot solve the full problem on its own,” she states. For her, solving KYC is about getting the right industry dynamics and the right support from banks, corporates and regulators.
Once the correct industry dynamics are in place, fintechs can step in to solve some specific problems in areas like identity management, pattern detection and information sourcing, for example, she believes. It also becomes feasible for local registries to be integrated with a more globally focused registry so that banks and corporates can receive and provide all the information they need in one place.
“But if financial institutions and corporates were only to consider their own individual needs and what works for them, solving the challenges around KYC would be nearly impossible,” argues Masquelier. The future therefore must be about collaboration.
From SWIFT’s engagement with both parties in opening its KYC Registry (its global platform of predefined KYC data fields and document types) to corporates in 2019, it became clear that financial institutions and corporates alike recognise KYC as a necessity, and that both are keen to collaborate to create a solution that works for all parties involved.
“The forum we created when trialling our KYC Registry enabled corporates to understand why banks ask for certain types of information, and for banks to reflect on the questions they are asking, and to assess whether opportunities exist for harmonisation through global standards,” she comments.
As an active participant, Trivedi says J.P. Morgan has noticed many more requests coming from its non-bank clients who are keen to participate in a platform enabling them to publish standardised common KYC data and documentation, consumable by banks “in a more systemic fashion” (the more localised requirements being handled by the banking sector’s aim to streamline data requirements and be more proactive with its collection processes).
“If this engagement has revealed anything,” Masquelier continues, “it’s that there is real appetite for collaboration across the industry, and by harnessing this, the industry is on the right track to building a KYC solution that works for banks and corporates together.”